Connect with us

Technology

Stealthy Malware: How Does it Work and How Should Enterprises Mitigate It?

By Marianne Bermejo, Malware Researcher, VIPRE Security Group 

Researchers find that “hunter-killer” malware is on the rise, with cybersecurity professionals claiming that the majority of malware now employ stealth-oriented techniques. 

This “stealthy” malware is essentially malicious software designed to evade detection while performing harmful activities on a system or network. It has evolved through advanced techniques like code obfuscation, polymorphism, and leveraging rootkits to remain undetected. This evolution reflects a cat-and-mouse game between cybercriminals and security professionals, where malware continuously adapts to bypass increasingly sophisticated detection mechanisms, demonstrating the dynamic and ever-challenging cybersecurity landscape.

How stealthy malware works  

Stealthy malware is best illustrated by a recent, real-world example of TA577, a ransomware threat actor that silently distributes malware loaders such as Qakbot and Pikabot. Malicious hackers use TA577 for ‘Email Thread Hijacking’, a technique to take control and manipulate systems for malicious purposes.

The hackers make deceptive emails and appear as replies to previous legitimate conversations. Hackers use real, legitimate conservations impersonating a senior executive, making it difficult for people to know that their email conversation has turned malicious. “I forwarded the paperwork to you yesterday, could you access it? or “I approved the payment to XXX, has the transfer been executed?”. It’s a cunning technique to take advantage of how people think or act in their job roles.

These emails contain zipped HTML attachments or links. When opened, the malware infects recipients’ computers or steals their personal information. By hijacking a thread, attackers can execute arbitrary code, allowing them to evade detection and carry out their malicious activities discreetly. They gain unauthorised access to sensitive data within the victims’ system such as username, IP address, computer name, and domain name. Manipulating credential theft at the server level, they gain access to the organisation’s sensitive information, potentially compromising entire IT systems and infrastructure.

Recent real-world examples

The financial sector is a top target of cybercriminals for state-sponsored cyberespionage as well as for not only for monetary gain. The digital financial sector environment alongside the open-source software supply chain landscape is making financial operations highly penetrable.

Recently, cybercriminals unleashed a phishing campaign targeting financial institutions in the Middle East, Africa, the South and Southeast Asia – and Visa customers. The threat actors deployed the JsOutProx malware to potentially conduct fraudulent activity. Likewise not long ago, criminals used an almost impossible-to-detect Linux malware to target the Latin American financial sector with the sole aim of capturing credentials and enabling backdoor access to victims’ machines.

This category of stealthy malware swiftly develops and deploys new techniques. So, hackers continuously refine and experiment with new delivery approaches. For example, threat actors are sneakily using Android banking trojans to automate the theft of online funds from everyday users.

What can financial organisations do?

As attackers continuously refine their tactics, organisations need to remain vigilant and proactively implement robust security measures to defend against such threats.

To mitigate such attacks, check for typos or grammatical errors in the emails received. Sometimes hackers deliberately include language errors in emails to evade email filters. By intentionally distorting common words or phrases, attackers heighten the likelihood of their emails bypassing traditional security measures and successfully infiltrating recipients’ inboxes, thus increasing the efficacy of their malicious campaign.

Exercise caution by verifying the legitimacy of any unfamiliar source before clicking on links or downloading attachments, as a single lapse in judgment could compromise device security and lead to server-level breaches. Be sceptical of urgent requests and unexpected emails too.

Maintain up-to-date antivirus software. Financial firms handle sensitive customer data and large sums of money, so remain prime targets for cyber-attacks and malware infections. Reputable antivirus solutions frequently release updates to address newly discovered threats, so financial organisations must ensure their software is regularly updated to close security vulnerabilities.  Up-to-date antivirus software is crucial for detecting and neutralising the latest viruses, trojans, and other malicious code that infiltrate systems and compromise sensitive information or even disrupt operations. Without robust antivirus protection, a single infected device on the network can act as an entry point for attackers.

Adopt measures to block outbound SMB (Server Message Block) traffic as a preventive measure against exploitation. SMB is a network communication protocol primarily used for providing shared access to files, printers, and other resources on a network. By restricting outbound SMB traffic, organisations significantly reduce their vulnerability and minimise the likelihood of unauthorised access to network resources.

No amount of technology will ever be sufficient to quell the onslaught of threat actors. Single, annual courses or classroom sessions are insufficient and ineffective. Financial organisations must have programmes in place to continuously raise awareness of new security threats and techniques that malicious hackers deploy.

Ultimately, due to the nature of cybercrime, cybersecurity is a shared responsibility between organisation and staff. By staying informed, adopting best practices, and exercising diligence in their online activities, employees play a critical role in safeguarding their organisation and indeed themselves.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Enhancing the eCommerce customer experience through the power of multiple payment options

Source: Finance derivative

Spokesperson: John Harris, Senior Vice President, Travel & eCommerce, emerchantpay

Today’s consumers have higher expectations from brands than ever before. In fact, more than half of consumers (54%) will not return to a brand after just one bad experience. This is due in part to shoppers becoming accustomed to the convenience of the digital era, where they can purchase items at the click of a button from the comfort of their own homes.

To remain competitive in a rapidly evolving market, and prevent customers turning elsewhere, eCommerce merchants must deliver outstanding customer journeys and a seamless overall customer experience (CX). This includes a hassle-free online purchasing process, with payment options that align with customers individual preferences. Consequently, merchants that only offer traditional payment methods risk falling behind.

Offering a variety of payment options is not just about convenience. It also directly impacts customer satisfaction and loyalty. For online retailers looking to improve their CX, expanding their payment offerings is essential. In doing so, they can cater to a broader customer base, increasing loyalty and ultimately driving revenue.

The demand for diverse payments across eCommerce markets

A key factor driving the need for diverse payments is the rapid rate at which the UK eCommerce market is growing. At the end of last year, there were nearly 60 million eCommerce users across the nation. This is anticipated to increase to over 62 million in 2025. As the market expands, so does competition. And with significantly more online brands available, customer loyalty is waning.

For instance, if a customer does not receive a quick and seamless experience from one retailer, they can easily find an alternative merchant to meet their demands. In fact, 44% of UK consumers stop a purchase if their favourite payment method is not available – highlighting the importance of a diverse payment offering. This demonstrates that consumers demand flexibility in payment options as part of a frictionless experience.

Another reason merchants need to expand their payment offerings is to enable better global transactions. The ability to sell products to customers worldwide is a major benefit of eCommerce and can drive huge business success. However, there are challenges to be considered. For example, different countries often have preferred local payment methods and, in some regions, consumers may lack access to certain solutions. Therefore, offering a variety of payment options can help retailers meet the needs of all users and ensure a quality experience, no matter their location. By adapting to local payment preferences, merchants can create a consistent experience for global customers, supporting both satisfaction and loyalty.

How do different payment solutions help improve CX?

There are a range of Alternative Payment Methods (APMs) gaining traction across the eCommerce industry. One key example is Open Banking. This solution streamlines online shopping by enabling direct bank-to-bank transfers. This approach speeds up the checkout process significantly – transactions can be completed in seconds, with no need for consumers to enter their card details. With real-time processing, funds move instantly from the customer’s account. This provides consumers better clarity on their financial situation and can aid their budget management.

Additionally, the direct connection between banks, coupled with robust bank-level authentication measures, significantly reduces the risk of fraud for users. In brief, Open Banking offers a faster, more transparent and secure way for consumers to make online purchases, significantly enhancing the overall CX.

Digital wallets, such as Apple Pay, are another payment method that can help optimise CX. Digital wallets store a user’s credit or debit card details in an app, encrypting sensitive details for security during transactions. Then, consumers can pay for their products and services using their smart device. Digital wallets allow for quick payments, streamlining the online checkout process by saving time and reducing friction during transactions as they are not required to input card details. Typically, users can also access their digital wallets across various devices, making it easy to make payments from smartphones, tablets or smartwatches.

By incorporating solutions like these, merchants can significantly enhance the CX through faster, more secure, and convenient payment options. However, integrating these APMs seamlessly often requires the expertise of a trusted payment service provider (PSP). PSPs enable merchants to quickly adopt diverse payment solutions that cater to customer preferences globally. In fact, for 32% of payments leaders, the ability to offer a range of global payment options is the key reason for seeking a PSP partner. When partnering with a trusted PSP, eCommerce businesses are better equipped to meet consumer demand for alternative payments. This gives them a competitive edge as they can deliver seamless and flexible experiences that customers expect.

Ultimately, the flexibility and convenience of multiple payment options reduces friction in the purchasing process for consumers. This leads to a better overall CX and increased satisfaction. And the happier a consumer is with their experience with a brand, the more likely they are to become a loyal customer. For merchants, this can result in higher conversion rates, reduced cart abandonment and improved customer retention. As all this helps brands to gain a competitive edge in the increasingly crowded eCommerce landscape, offering multiple payment options is an obvious win-win.

Continue Reading

Business

How to maintain efficiency without sacrificing authenticity with GenAI

Jason Morris, SEO Marketing Manager, Brew Digital

Content creation has been fundamentally and forever changed by GenAI tools. They offer a fast and efficient way of building content, in a matter of seconds, and a majority of businesses have been deploying it in some capacity for the last two years.

In particular, tools like ChatGPT, Copy.ai and Jasper have transformed copywriting, allowing businesses to quickly turn around high-quality content, social media content, blog posts and marketing copy, in a matter of minutes. It has also revolutionised our approach to SEO, helping with everything from optimising keywords to generating content that meets search engine standards.

However, the same capability that makes AI attractive – its speed in generating content – can result in copy that feel generic and impersonal, risking the intuition and creativity that are essential for compelling brand messaging. This is because AI, by nature, operates on probabilistic models that predict the most likely next word or phrase based on patterns in the data it has been trained on.

Large language models (LLMs), are excellent at identifying and replicating patterns, but lack the creativity and intuition that come from human experience. While this can be useful for producing factual or structured content, it often results in formulaic writing that lacks originality and depth. In areas like storytelling or thought leadership, where original insights are key, AI struggles to deliver the same level of nuance and emotional connection that human writers can achieve.

Inauthentic writing does not just risk disengaging brand audiences, either, and many search algorithms are now designed to detect web pages with AI-generated content and diminish its domain authority. This will inevitably lead to diminished visibility and a drop in organic traffic, and is exemplified by Google removing a staggering 40% of indexed web pages for failing to meet its E-E-A-T (Expertise, Experience, Authoritativeness, Trustworthiness) standards. This is a trend we can expect to see continue as GenAI created content becomes even more prevalent.

Thus, the challenge for brands in the age of AI is to harness the power of efficiency without losing the unique voice that sets them apart.

‘Bans’ are counter-intuitive

The first step in striking the balance between efficiency and authenticity is to establish blueprints for how AI can and should be used within a business setting. For companies keen to retain that human flair, limiting AI usage may seem attractive. However, staff will use GenAI for content creation regardless of whether or not their employers tell them not to. In fact, a blanket ban on GenAI will only lead to the bigger challenge of ‘Shadow AI’.

Recent research shows that 78% of knowledge workers use their own AI tools to complete work, yet 52% don’t disclose this to employers. This not only poses significant organisational risks like data breaches, compliance violations, and security threats, but it also means business leaders will never have full transparency over how much, and how often, GenAI is being used to create the messaging that’s being published for customer or public consumption.

So how should GenAI be used?

For businesses that regularly need to create high-volumes of detailed content, GenAI tools like Jasper can provide crucial support for building first drafts, generating ideas, and providing digestible summaries or even detecting mistakes across existing copy. This process of leaving the more time-consuming content creation tasks to AI frees up considerable time for content creators and enables them to focus on strategy and creativity.

Likewise, tools such as MarketMuse can analyse audience behaviour and preferences, audit existing content, suggest SEO optimisation, and identify gaps in coverage. These data-driven insights enable brands to create more tailored and engaging content, improving both reach and conversion rates.

Another significant advantage is consistency. Ensuring a uniform tone and style across various platforms is essential for cultivating a cohesive brand identity. AI tools play a crucial role here, by supporting content so that it aligns with established brand guidelines. By maintaining consistent messaging, businesses can strengthen their connection with their audience and foster long-term trust.

For businesses and content creators looking to use GenAI to create content which will be made public, it’s essential for them to review, refine and personalise outputs extremely carefully. This ensures that the final output remains true to the brand’s voice and offers genuine value to the audience.

GenAI is no substitute for human storytelling

While AI can support efficiency, human insight is essential for crafting content that truly resonates. This is especially true in storytelling and in complex strategies like seo consultancy, where aligning with audience expectations requires a thoughtful, hands-on approach.

Humans are still best equipped to connect with audiences on an emotional level. Storytelling, creativity, and real-life experience are areas where human writers hold a distinct advantage.

By blending AI’s efficiency with the creativity and empathy that only humans can bring, brands can produce content that is not only high-quality but also deeply engaging. AI tools, therefore, should complement human creativity, not replace it. Striking this balance allows businesses to maximise efficiency without sacrificing authenticity, creating content that resonates and builds long-term connections with audiences.

Continue Reading

Business

Artificial intelligence will revolutionise the manufacturing industry: here’s how

By Grace Nam, Strategic Solutions Manager at Laserfiche

Much of the manufacturing industry continues to rely on traditional ways of handling data and documentation, with scattered technology and complex processes acting as barriers to progress and hybrid working. This siloed information coupled with rising costs, logistical uncertainty, and doubts over the supply of essential raw materials is making manufacturing stagnant.

The answer is digitalised smart systems and processes. Innovations such as AI-powered cloud document management systems (DMS) can control and organise critical data, creating a single source of truth to streamline processes and provide multi-layer protection against missing documentation to comply with regulations. Let’s look at some of the core ways that AI will revolutionise manufacturing: minimising errors, empowering employees, and attracting talent. 

Harmonising processes, freeing up time

First, by digitalising data and investing in AI integrations, manufacturing leaders can reduce margin for error. While the integration of IOT may appear to garner similar results, the real impact of AI is incredibly different. 

IOT focuses on supporting machines and network enablement. On the other hand, AI supports the functionalities that are traditionally confined to the realm of human responsibility and intelligence. While IOT connects physical objects to manufacturing networks, AI harmonises the entire process and structures unstructured data.

The value of AI lies in its scalability. AI can reduce tedious data entry for employees and eliminate delays, having the potential to transform employees’ lives by reclaiming time for valuable projects and saving resources.

Creating more efficient process cycles

AI also enables manufacturing leaders to enhance process automation, making the more time-consuming elements of the manufacturing process rule-based and decision-driven. For instance, in a recent SME study that surveyed over 300 manufacturing professionals, one-third of respondents reported experiencing work delays a few times a week across various operational processes. 

As is the case with minimising errors, the role of AI is to free up human employees for other tasks, not replace them. AI and ML are invaluable tools to save countless hours wasted by employees fulfilling administrative tasks, reclaiming significant amounts of time that can be redirected to supporting customers. Manufacturing companies can implement processes driven by AI and ML to streamline areas of the business and integrate processes that often experience delays, as well as augmenting high-cost processes involved with compliance documentation to create better process cycles.

AI-powered decision making

With endless data at their fingertips, leaders can utilise AI to gain insights and power decision-making. This technology gives organisations the ability to centralise customer information and order history and gather product information that involves hundreds or even thousands of parts, where each part carries its own unique identification number. 

Another example could be analysing the data in relation to how suppliers perform, enabling the manufacturing organisation to better understand what to expect and prepare for potential pitfalls in advance.

AI-powered technologies are also being implemented to resolve interoperability issues, enabling computer systems and software to exchange and make use of information across platforms. Allowing data to be shared between different software and technologies will help in streamlining processes. 

By utilising process automation and enhancing data processing speed, we can expect organisations to see an increase in operational efficiency. These improved systems will reduce costs while improving scalability and flexibility, enabling the streamlined sharing of data across the business. 

Looking ahead: the future of manufacturing

 AI-powered solutions improve the working lives of almost everyone in the sector, helping them make better informed decisions at speed, while process automation solutions empower remote employees who are integral to the success of future workforces. This innovation is vital for businesses to attract, and retain, new generations of talent.  

AI and machine learning are offering the manufacturing industry the opportunity to unlock new levels of efficiency and create a solid foundation for future growth and innovation. From sales and supply chain management to quality checks and inventory control, AI is streamlining complex processes, predicting potential issues, and ensuring timely delivery of projects.

It’s not just about keeping up with technological trends and jumping on the bandwagon. AI proves its worth for manufacturers aiming to make critical decisions promptly, effectively address high-cost functionalities, streamline operations, ensure accuracy of compliance documentation, enhance scope for innovation, boost ROI, and improve sustainability. By bringing together human intuition with the speed and scale of AI technologies, manufacturers can remain competitive – and continue to evolve – for years to come.

Continue Reading

Copyright © 2021 Futures Parity.